Cannot access Policy Server with the WAM UI
search cancel

Cannot access Policy Server with the WAM UI

book

Article ID: 53536

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

Description:

When I log into the WAM UI after applying sp1 to the Policy Server I get the following errors in smps.log:

[CA.XPS:SEC00030][ERROR] Remote API session does not contain user path.
[CA.XPS:XPSSVC181][ERROR] Failed to establish a Security Context for user =

Solution:

These errors can indicate that the WAM UI no longer has a valid connection to the Policy Server. To correct this issue, perform the following actions.

Re-register the Administrative UI
You re-register the Administrative UI so it may be used to administer a r12 SP1 Policy Server.

Important! The policy store must be upgraded to r12 SP1 before you can re- register the Administrative UI with the Policy Server.

When you open the Administrative UI login screen, the Server drop-down list includes existing connection names. Use one of the existing connections to log in.

  • A remote API session error message appears when you log in. This is expected behavior. The message appears because the existing connection is no longer valid.

  • You need to create a new Administrative UI connection to re-register the Administrative UI. Before you create the new connection, delete every Administrative UI connection that was configured prior to the upgrade and logout. Deleting the old connections prevents the connection names from appearing in the Server drop-down list.

Registering the Administrative UI requires access to machine that is hosting the Policy Server and the machine that is hosting the Administrative UI. The registration process:

Establishes a connection between the Administrative UI and the Policy Server.

Complete the following procedures to register the Administrative UI:

  1. Run the Administrative UI registration tool.

  2. Gather registration information.

  3. Configure the Administrative UI and Policy Server connection.

Run the Registration Tool
You run the Administrative UI registration tool to:

Create a client name and passphrase. A client name and passphrase pairing are values that the Policy Server uses to identify the Administrative UI you are registering. You submit the client and passphrase values from the Administrative UI to complete the registration process.

To run the registration tool
Open a command prompt from the machine that is hosting the Policy Server, and run the following command:

  1. xpsregclient client_name -adminui

    client name
    Specifies the name that identifies the Administrative UI that is to be registered.

    Limitation: This value must be unique. For example, if you have previously used smui1 to register an Administrative UI, enter smui2.

    Note: Record this value. This is a required value to complete the registration process from the Administrative UI.

    -adminui
    Specifies that an Administrative UI is being registered.

    For additional information on xpsregclient please refer to Chapter 8 page 306 of the Policy Server installation guide.

    The registration tool lists the name of the registration log file and prompts for a passphrase.
    Enter and confirm the passphrase. The passphrase must contain at least:
    Eight (8) characters
    One (1) digit
    One (1) upper-case character
    One (1) lower-case character

    Note: Consider the following: If the passphrase contains a space, enclose it in quotes (").
    If you are re-registering the Administrative UI as part of an upgrade, you can reuse a previous passphrase.

    Record the passphrase. This is a required value to complete the registration process from the Administrative UI.

    Press Enter.

    The registration tool creates the client name and passphrase pairing.

  2. Gather Registration Information

    The Administrative UI requires specific information about the Policy Server and the client name and passphrase you created to complete the registration process. Gather the following information before logging into the Administrative UI:

    • Client name-The client name you specified using the xpsregclient
      tool.
    • Passphrase-The passphrase you specified using the xpsregclient
      tool.
    • Policy Server host-The IP address or name of the machine hosting
      the Policy Server
    • Policy Server port-The port on which the Policy Server is
      listening. Default: 44441

  3. Configure the Connection to the Policy Server
    You configure the Administrative UI and Policy Server connection so SiteMinder administrators can use the Administrative UI to manage policy information through the Policy Server. You configure the connection from the Administrative UI.

    To configure the Administrative UI and Policy Server connection

    1. Open a supported Web browser and enter
      http://machine_name.company_name.com:port/iam/siteminder.

    2. The Administrative UI login screen opens.
      Log in using the credentials of the Super User you identified when installing the Administrative UI.

    3. Click Administration, Connections.

    4. Click UI, Register Administration UI Server.
      The Register Administration UI Server pane opens.

      Note: You can click Help for a description of fields, controls, and their respective requirements.

    5. Type a connection name in the Name field on the General group box.

    6. Type the name or IP address of the machine on which the Policy Server is installed in the Policy Server Host field.

    7. Type the port on which the Policy Server is listening in the Policy Server Port field.
      Note: This value must match the value in the Accounting port (TCP) field on the Settings tab in the Policy Server Management Console. The default accounting port is is 44441. To determine a non-default port number, open the Settings tab in the Policy Server Management Console.

    8. Type the client name and passphrase you created using the registration tool in the fields on the General group box.

    9. Select a FIPS compatibility mode:

      • If you installed the Policy Server in FIPS-compatibility mode, select Compatibility mode.

      • If you installed the Policy Server in FIPS-only mode, select FIPS only mode.

    10. Click Submit.


    The connection between the Administrative UI and Policy Server is configured. The Infrastructure, Policies, and Reports tab are now
    available.

    If you have installed the Report Server you are also ready to register the Report Server with the Policy Server and the Administrative UI.

Environment

Release:
Component: SMPLC
Powered by Wolken Software